annotate modules/my_fw/manifests/pre.pp @ 403:a0c1b33a243f

Add missed new Firewall module files
author IBBoard <dev@ibboard.co.uk>
date Wed, 20 Apr 2022 19:30:33 +0100
parents 11d940c9014e
children 2c3e745be8d2
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
40
222904296578 Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
1 class my_fw::pre {
222904296578 Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
2 Firewall {
222904296578 Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
3 require => undef,
222904296578 Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
4 }
279
e36b7f4f85f2 Start to support IPv6 servers
IBBoard <dev@ibboard.co.uk>
parents: 40
diff changeset
5
e36b7f4f85f2 Start to support IPv6 servers
IBBoard <dev@ibboard.co.uk>
parents: 40
diff changeset
6 $icmp_proto = $my_fw::ip_version == "IPv6" ? { true => 'ipv6-icmp', default => 'icmp' }
e36b7f4f85f2 Start to support IPv6 servers
IBBoard <dev@ibboard.co.uk>
parents: 40
diff changeset
7 $localhost = $my_fw::ip_version == "IPv6" ? { true => '::1/128', default => '127.0.0.0/8' }
e36b7f4f85f2 Start to support IPv6 servers
IBBoard <dev@ibboard.co.uk>
parents: 40
diff changeset
8
40
222904296578 Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
9 # Default firewall rules
222904296578 Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
10 firewall { '000 accept all icmp':
279
e36b7f4f85f2 Start to support IPv6 servers
IBBoard <dev@ibboard.co.uk>
parents: 40
diff changeset
11 proto => $icmp_proto,
40
222904296578 Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
12 action => 'accept',
222904296578 Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
13 } ->
222904296578 Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
14 firewall { '001 accept all to lo interface':
222904296578 Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
15 proto => 'all',
222904296578 Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
16 iniface => 'lo',
222904296578 Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
17 action => 'accept',
222904296578 Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
18 } ->
222904296578 Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
19 firewall { "002 reject local traffic not on loopback interface":
222904296578 Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
20 iniface => '! lo',
222904296578 Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
21 proto => 'all',
279
e36b7f4f85f2 Start to support IPv6 servers
IBBoard <dev@ibboard.co.uk>
parents: 40
diff changeset
22 destination => $localhost,
40
222904296578 Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
23 action => 'reject',
222904296578 Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
24 } ->
348
11d940c9014e Update Firewall module to try and fix quoting string issue
IBBoard <dev@ibboard.co.uk>
parents: 279
diff changeset
25 firewall { '005 accept related established rules':
40
222904296578 Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
26 proto => 'all',
222904296578 Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
27 state => ['RELATED', 'ESTABLISHED'],
222904296578 Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
28 action => 'accept',
222904296578 Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
29 }
222904296578 Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
30 }